[libvirt] [PATCH 07/10] apparmor: include local apparmor profiles

Jamie Strandboge jamie at canonical.com
Mon May 15 14:30:09 UTC 2017

On Mon, 2017-05-15 at 09:28 -0500, Jamie Strandboge wrote:
> On Mon, 2017-05-15 at 15:23 +0200, Stefan Bader wrote:
> > From: Felix Geyer <fgeyer at debian.org>
> > 
> > Local overrides is a feature Debian/Ubuntu libvirt provided for a while.
> > This allows the user to have a non-conffile that he can use to extend the
> > package delivered rules with extra content matching his special case.
> > 
> > This change adds the include directives to the apparmor profiles
> > for virt-aa-helper and libvirtd.
> > 
> I'm fine with this change but it is important to understand that
> /etc/apparmor.d/local/usr.sbin.libvirtd must exist otherwise the profile will
> fail to load. In Debian/Ubuntu we use dh_apparmor which takes care of this for
> us. If this is upstreamed, then wherever install of the profile happens or is
> documented, then the local changes file needs to also be installed/documented.
> Other non-deb distributions might not like this extra file, so it is possible
> this may be a Debian and its derivatives thing....

Oh heh, I see you adjusted the Makefile.am for this in 08. Thanks!

Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170515/18673991/attachment-0001.sig>

More information about the libvir-list mailing list